FAQ
Hi Guys,

I am new to the world of puppet.

I have successfully configured puppet on centos 6 and am now trying to
install puppetb on the same host.

After the configuration when I try to run puppetd --test command on the
client I get :

[root@puppettest ~]# puppetd --test
notice: Ignoring --listen on onetime run
err: Could not retrieve catalog from remote server: Error 400 on SERVER:
Failed to submit 'replace facts' command for puppettest.example.com to
PuppetDB at puppetdb.example.com:8081: Server hostname
'puppetdb.example.com' did not match server certificate; expected one of
puppet.example.com, DNS:puppet, DNS:puppet.example.com
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
[root@puppettest ~]# openssl s_client -connect puppetdb.example.com:8081
CONNECTED(00000003)
depth=0 /CN=puppet.example.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /CN=puppet.example.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /CN=puppet.example.com
verify error:num=21:unable to verify the first certificate
verify return:1
30704:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:s23_lib.c:188:


I know that I am screwing up on the certificate part. But just don't know
where exactly.

Plz help.

Thnx in advance
Wikram

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Search Discussions

  • David Schmitt at Feb 8, 2013 at 11:53 pm

    On 2013-02-08 15:42, Wikram Patankar wrote:
    I have successfully configured puppet on centos 6 and am now trying to
    install puppetb on the same host.

    After the configuration when I try to run puppetd --test command on the
    client I get :

    [root@puppettest ~]# puppetd --test
    notice: Ignoring --listen on onetime run
    err: Could not retrieve catalog from remote server: Error 400 on SERVER:
    Failed to submit 'replace facts' command for puppettest.example.com to
    PuppetDB at puppetdb.example.com:8081: Server hostname
    'puppetdb.example.com' did not match server certificate; expected one of
    puppet.example.com, DNS:puppet, DNS:puppet.example.com
    warning: Not using cache on failed catalog
    err: Could not retrieve catalog; skipping run
    [root@puppettest ~]# openssl s_client -connect puppetdb.example.com:8081
    CONNECTED(00000003)
    depth=0 /CN=puppet.example.com
    verify error:num=20:unable to get local issuer certificate
    verify return:1
    depth=0 /CN=puppet.example.com
    verify error:num=27:certificate not trusted
    verify return:1
    depth=0 /CN=puppet.example.com
    verify error:num=21:unable to verify the first certificate
    verify return:1
    30704:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
    failure:s23_lib.c:188:


    I know that I am screwing up on the certificate part. But just don't
    know where exactly.
    You are talking to your puppetdb using the hostname
    "puppetdb.example.com", but the process it is using the name
    "puppet.example.com" in its certificate.

    This can be fixed by either using a different certificate or using
    puppet.example.com:8081 to connect to the puppetdb.


    D.

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To post to this group, send email to puppet-users@googlegroups.com.
    Visit this group at http://groups.google.com/group/puppet-users?hl=en.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Tim Owens at Feb 11, 2013 at 10:13 pm
    I have puppetDB on my puppetmaster (CentOS 6.3), so I know you can do it. I
    am using Puppet3.0.

    You can also use dns_alt_names in your /etc/puppet/puppet.conf file.

    Here's what I have:
    [master]
    certname = puppet.domain.com
    dns_alt_names = puppet.domain.com,puppetdb.domain.com,puppet
    On Friday, February 8, 2013 6:42:43 AM UTC-8, Wikram Patankar wrote:

    Hi Guys,

    I am new to the world of puppet.

    I have successfully configured puppet on centos 6 and am now trying to
    install puppetb on the same host.

    After the configuration when I try to run puppetd --test command on the
    client I get :

    [root@puppettest ~]# puppetd --test
    notice: Ignoring --listen on onetime run
    err: Could not retrieve catalog from remote server: Error 400 on SERVER:
    Failed to submit 'replace facts' command for puppettest.example.com to
    PuppetDB at puppetdb.example.com:8081: Server hostname '
    puppetdb.example.com' did not match server certificate; expected one of
    puppet.example.com, DNS:puppet, DNS:puppet.example.com
    warning: Not using cache on failed catalog
    err: Could not retrieve catalog; skipping run
    [root@puppettest ~]# openssl s_client -connect puppetdb.example.com:8081
    CONNECTED(00000003)
    depth=0 /CN=puppet.example.com
    verify error:num=20:unable to get local issuer certificate
    verify return:1
    depth=0 /CN=puppet.example.com
    verify error:num=27:certificate not trusted
    verify return:1
    depth=0 /CN=puppet.example.com
    verify error:num=21:unable to verify the first certificate
    verify return:1
    30704:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
    failure:s23_lib.c:188:


    I know that I am screwing up on the certificate part. But just don't know
    where exactly.

    Plz help.

    Thnx in advance
    Wikram
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To post to this group, send email to puppet-users@googlegroups.com.
    Visit this group at http://groups.google.com/group/puppet-users?hl=en.
    For more options, visit https://groups.google.com/groups/opt_out.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppuppet-users @
categoriespuppet
postedFeb 8, '13 at 6:59p
activeFeb 11, '13 at 10:13p
posts3
users3
websitepuppetlabs.com

People

Translate

site design / logo © 2022 Grokbase